[76351] in North American Network Operators' Group
Intelligent Automation of network tasks
daemon@ATHENA.MIT.EDU (Ejay Hire)
Tue Dec 7 13:42:29 2004
Date: Tue, 7 Dec 2004 12:39:25 -0600
From: "Ejay Hire" <ejay.hire@isdn.net>
To: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
In my opinion, every network with more than a dozen or so routers needs
an automated method to distribute massive configuration changes. There
is a lot of fear that something will break during updates, but with some
intelligence, that risk can be minimized.
Related to this, here is how I distribute Bogons, cognizant of the fact
that the system has to be smart enough not to break anything in the
event a telnet session breaks.
So, here is what I send to my routers.
! drop the old list; a referenced list that does not exist permits everything
no ip prefix-list bogon
! placeholder that keeps the list open while the denies are added
ip prefix-list bogon seq 1 permit 0.0.0.0/0 le 32
ip prefix-list bogon deny 0.0.0.0/7 le 32
ip prefix-list bogon deny 2.0.0.0/8 le 32
<snip>
ip prefix-list bogon deny 197.0.0.0/8 le 32
ip prefix-list bogon deny 223.0.0.0/8 le 32
ip prefix-list bogon permit 0.0.0.0/0 le 27
! only now remove the placeholder, activating the filter
no ip prefix-list bogon seq 1 permit 0.0.0.0/0 le 32
Worst case scenario, I break my bogon filters... and that happens very
very rarely. The same logic can be applied to access lists using named
access lists.
Hopefully that will help someone.
-ejay
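As an added example (not from the post and not anyone's production tooling), here is a small Python script that generates the push in the order described above and replays it one command at a time against a minimal model of IOS prefix-list matching, to check that a legitimate route stays permitted no matter where a session might drop. The bogon entries are a constructed sample standing in for the snipped list. The placeholder is written as `0.0.0.0/0 le 32`, because in IOS a `permit 0.0.0.0/0` entry without `le` matches only the default route; the script also shows what the replay reports for that exact-match form and for a push with no placeholder at all.

```python
import ipaddress
import re

# Constructed sample bogon entries; the post elides the full list with <snip>.
SAMPLE_BOGONS = ["0.0.0.0/7", "2.0.0.0/8", "197.0.0.0/8", "223.0.0.0/8"]


def fail_safe_push(bogons, name="bogon", max_len=27, placeholder="0.0.0.0/0 le 32"):
    """Commands in the post's order: delete, seq 1 placeholder, denies,
    final permit, then remove the placeholder as the very last step."""
    cmds = [f"no ip prefix-list {name}",
            f"ip prefix-list {name} seq 1 permit {placeholder}"]
    cmds += [f"ip prefix-list {name} deny {b} le 32" for b in bogons]
    cmds += [f"ip prefix-list {name} permit 0.0.0.0/0 le {max_len}",
             f"no ip prefix-list {name} seq 1 permit {placeholder}"]
    return cmds


def naive_push(bogons, name="bogon", max_len=27):
    """The same list pushed without any placeholder: delete, denies, permit."""
    return ([f"no ip prefix-list {name}"]
            + [f"ip prefix-list {name} deny {b} le 32" for b in bogons]
            + [f"ip prefix-list {name} permit 0.0.0.0/0 le {max_len}"])


CMD_RE = re.compile(
    r"^(?P<no>no )?ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))?"
    r"(?: (?P<action>permit|deny) (?P<prefix>\S+)"
    r"(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?)?$")


class PrefixLists:
    """Minimal model of IOS prefix-list behaviour, enough for this check:
    entries are evaluated in sequence order, first match wins, an unmatched
    route hits the implicit deny, and a list that does not exist permits all.
    An entry with neither ge nor le matches its prefix length exactly."""

    def __init__(self):
        self.lists = {}  # name -> {seq: (action, network, ge, le)}

    def apply(self, cmd):
        m = CMD_RE.match(cmd.strip())
        if not m:
            raise ValueError(f"unsupported command: {cmd!r}")
        name = m["name"]
        if m["action"] is None:
            if not m["no"]:
                raise ValueError(f"unsupported command: {cmd!r}")
            self.lists.pop(name, None)  # "no ip prefix-list NAME" drops the list
            return
        entries = self.lists.setdefault(name, {})
        if m["seq"]:
            seq = int(m["seq"])
        else:  # auto-numbering approximation: next multiple of 5 above the max
            seq = (max(entries) // 5 + 1) * 5 if entries else 5
        if m["no"]:
            entries.pop(seq, None)
            return
        net = ipaddress.ip_network(m["prefix"], strict=False)
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        entries[seq] = (m["action"], net, ge, le)

    def permits(self, name, route):
        if name not in self.lists:
            return True
        r = ipaddress.ip_network(route, strict=False)
        for seq in sorted(self.lists[name]):
            action, net, ge, le = self.lists[name][seq]
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else (32 if ge is not None else net.prefixlen)
            if r.subnet_of(net) and lo <= r.prefixlen <= hi:
                return action == "permit"
        return False


def permitted_after_each_step(cmds, route, name="bogon"):
    """Replay the push one command at a time, as if the session could drop
    after any of them, and report whether `route` is permitted at each point."""
    pl = PrefixLists()
    out = []
    for cmd in cmds:
        pl.apply(cmd)
        out.append(pl.permits(name, route))
    return out


def final_state(cmds):
    pl = PrefixLists()
    for cmd in cmds:
        pl.apply(cmd)
    return pl


if __name__ == "__main__":
    route = "198.51.100.0/24"  # constructed legitimate customer prefix
    variants = {
        "placeholder with le 32": fail_safe_push(SAMPLE_BOGONS),
        "placeholder exact /0 only": fail_safe_push(SAMPLE_BOGONS, placeholder="0.0.0.0/0"),
        "no placeholder": naive_push(SAMPLE_BOGONS),
    }
    for label, cmds in variants.items():
        print(f"{label}: {route} permitted after each step -> "
              f"{permitted_after_each_step(cmds, route)}")
```

Only the first variant keeps the customer prefix permitted after every command; the other two have a window during which anything that is not a bogon (or, for the exact-match placeholder, anything but the default route) is denied, which is exactly the outage the ordering is meant to avoid.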